Citizens of the United States have appealed to the Obama Administration through a campaign asking it to reject any policy, mandate or law that weakens their security in cyberspace, and to adopt strong encryption instead.

The Washington Post reported that the Obama Administration has agreed partially on the encrypted communications issue.

"The administration has decided not to seek a legislative remedy now, but it makes sense to continue the conversations with industry," James B. Comey, FBI Director, said at a Senate hearing Thursday of the Homeland Security and Governmental Affairs Committee.

This decision amounts to keeping the status quo. It reads as a win-win that eases the tension created by the petition while accommodating both the law enforcement agencies and the citizens.

What does law enforcement want?

Law Enforcement Agencies (LEA) find it difficult to read the encrypted information they obtain when they gain access to the communications of criminals, terrorists and spies.

Even state and local agencies investigating crimes such as child kidnappings and car crashes struggle in the digital era, as more and more of the evidence sits on electronic devices they can't access without a search warrant.

Further, if a cyber criminal "pleads the Fifth," the task becomes even more challenging for the LEA.

What do the citizens need?

Citizens of the United States have formed a temporary alliance to petition the President for the privacy, security and integrity of their communications and systems.

The campaign asks fellow citizens to sign the petition on the website Savecrypto.org; according to its statistics, it still needs 50,000 more signatures.

If it reaches 100,000 signatures, the White House will respond. If it gathers more than 370,000 signatures, it will be the most popular WhiteHouse.gov petition ever.

How does encryption come into play?

Companies that provide encryption sit between the two primary entities (LEA and citizens), because they are the ones allowing us to encrypt our information in:

Voice or text communication

Any electronic device

For text, the companies offer encryption in which the only people who can read a message are the sender and the receiver.

For a device, only its owner has access to the device's data. The companies themselves do not hold 'backdoors' or keys to decrypt that data for the government, even when served with search warrants or intercept orders.

Since decoding the communication is a challenging task for the LEA, certain members of Congress and the FBI want to force these companies to give the government special access to citizens' data.

To achieve this, they want these companies to:

Build in security vulnerabilities

Give them a "golden key" to unlock citizens' encrypted communications.

However, as Savecrypto.org puts it, "security experts agree that it's not possible to give the government what it wants without creating vulnerabilities that could [even] be exploited by bad actors."

That would leave "encryption" and "security" without any meaning.

If this is how the Obama Administration is going to handle encryption policy for citizens' communications, it would be a no-win situation.

The decision was declared at a Cabinet meeting on October 1, 2015, and, as the president has said, the US will "work to ensure that malicious actors can be held to account — without weakening our commitment to strong encryption."

National Security Council spokesman Mark Stroh also replied and said, "As part of those efforts, we are actively engaged with private companies to ensure they understand the public safety and national security risks that result from malicious actors' use of their encrypted services and products."

Visiting a website that has an SSL certificate doesn't mean the website is not bogus. Secure Sockets Layer (SSL) protects web users in two ways: it uses public key encryption to protect sensitive information, such as usernames, passwords or credit card numbers, in transit between a user's computer and a website, and it verifies the identity of websites.

Today hackers and cyber criminals use every trick to steal users' credentials and other sensitive data, including installing fake SSL certificates on bogus websites impersonating social media, e-commerce and financial sites.

DETECTING FAKE DIGITAL CERTIFICATES WIDELY

A group of researchers, Lin-Shung Huang, Alex Rice, Erling Ellingsen and Collin Jackson, from Carnegie Mellon University in collaboration with Facebook, have analyzed [PDF] more than 3 million SSL connections and found strong evidence that at least 6,845 (0.2%) of them were in fact tampered with using forged certificates, i.e. self-signed digital certificates that are not authorized by the legitimate website owners but will be accepted as valid by most browsers.

They used the widely supported Flash Player plug-in for socket functionality, implemented a partial SSL handshake of their own to capture forged certificates, and deployed this detection mechanism on an Alexa top 10 website, Facebook, which terminates connections from a diverse set of network operators across the world.

Modern web browsers display a warning when they encounter errors during SSL certificate validation, but the warning page still allows users to proceed over a potentially insecure connection.

One could argue that certificate warnings are mostly caused by server misconfigurations, but according to a usability survey many users simply ignore SSL certificate warnings, and trusting forged certificates leaves them vulnerable to the simplest SSL interception attacks.

This means that an attacker can successfully impersonate any website, even over secure (HTTPS) connections, and perform an SSL man-in-the-middle attack to intercept encrypted connections.

FAKE DIGITAL CERTIFICATES SIGNED WITH STOLEN KEYS FROM ANTIVIRUS

The researchers observed that most of the forged SSL certificates use the same names as legitimate certificate issuer organizations, such as VeriSign and Comodo.

Some antivirus products, such as Bitdefender, ESET, BullGuard, Kaspersky Lab, Nordnet and DefenderPro, have the ability to intercept and scan SSL connections on clients' systems in order to defend their users from fake SSL connections. These products generate their own certificates, which look less alarming than other self-signed digital certificates.

"One should be wary of professional attackers that might be capable of stealing the private key of the signing certificates from antivirus vendors, which may essentially allow them to spy on the antivirus users (since the antivirus root certificate would be trusted by the client)," the researchers explained. "Hypothetically, governments could also compel antivirus vendors to hand over their signing keys."

Similar capabilities are found in various firewall, parental control and adware products, which could be compromised by hackers in order to generate valid-looking but fake digital certificates.

DIGITAL CERTIFICATES GENERATED BY MALWARE

The researchers also noticed another interesting self-signed digital certificate, named 'IopFailZeroAccessCreate', which was generated by malware on client systems and used the same name as the trusted certificate issuer "VeriSign Class 4 Public Primary CA."

“These variants provide clear evidence that attackers in the wild are generating certificates with forged issuer attributes, and even increased their sophistication during the time frame of our study,” they said.

The detection statistics show that clients infected with the same malware, serving the 'IopFailZeroAccessCreate' bogus digital certificate, were spread across 45 different countries, including Mexico, Argentina and the United States.

Malware researchers at Facebook, in collaboration with the Microsoft Security Essentials team, were able to confirm these suspicions and identify the specific malware family responsible for this attack.
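To make the forged-issuer problem described above concrete, here is an added example (not code from the paper, Facebook or any vendor named here) that builds a constructed trust store, a legitimately issued certificate and a self-signed certificate whose issuer field copies the trusted CA's name, and shows that only a signature check against the trusted key, or a pinned fingerprint, tells them apart. It assumes the `cryptography` library; the CA name and hostname are made up.

```python
"""Added example: a forged issuer name is not proof of trust.
Constructed demo using the `cryptography` library; the CA name and
hostname below are made up and not taken from any real CA."""
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID

CA_NAME = "Example Trusted Root CA"  # constructed stand-in for a real root
HOST = "www.example.com"             # constructed hostname


def _name(common_name):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])


def _build(subject_cn, issuer_cn, subject_key, signing_key):
    """Build a certificate; the issuer field is just a string the signer chooses."""
    now = datetime.datetime.now(datetime.timezone.utc)
    return (
        x509.CertificateBuilder()
        .subject_name(_name(subject_cn))
        .issuer_name(_name(issuer_cn))
        .public_key(subject_key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(days=1))
        .not_valid_after(now + datetime.timedelta(days=30))
        .sign(signing_key, hashes.SHA256())
    )


def _keypair():
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def make_trust_store():
    """One constructed root CA plays the role of a browser's trusted root."""
    ca_key = _keypair()
    ca_cert = _build(CA_NAME, CA_NAME, ca_key, ca_key)
    return ca_key, {CA_NAME: ca_cert}


def make_legit_cert(ca_key):
    """Leaf certificate genuinely signed by the trusted CA's key."""
    return _build(HOST, CA_NAME, _keypair(), ca_key)


def make_forged_cert():
    """Self-signed by the attacker, but the issuer field copies the CA's name,
    mirroring the forged 'VeriSign' issuer attributes seen in the study."""
    attacker_key = _keypair()
    return _build(HOST, CA_NAME, attacker_key, attacker_key)


def _issuer_cn(cert):
    return cert.issuer.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value


def issuer_name_in_store(cert, store):
    """The weak check: the issuer string alone. A forgery passes this."""
    return _issuer_cn(cert) in store


def signature_chains_to_store(cert, store):
    """The real check: was the certificate signed by the trusted CA's key?"""
    ca_cert = store.get(_issuer_cn(cert))
    if ca_cert is None:
        return False
    try:
        ca_cert.public_key().verify(
            cert.signature, cert.tbs_certificate_bytes,
            padding.PKCS1v15(), cert.signature_hash_algorithm)
    except InvalidSignature:
        return False
    return True


def fingerprint_hex(cert):
    """SHA-256 fingerprint, the value a site operator would pin."""
    return cert.fingerprint(hashes.SHA256()).hex()


def classify(cert, store, pinned_fingerprint=None):
    """Label a captured certificate the way the study's detector would."""
    if pinned_fingerprint is not None and fingerprint_hex(cert) != pinned_fingerprint:
        return "forged: does not match pinned certificate"
    if signature_chains_to_store(cert, store):
        return "valid"
    if issuer_name_in_store(cert, store):
        return "forged: self-signed with spoofed issuer name"
    return "untrusted: unknown issuer"
```

A site that knows its own certificate, as Facebook did in the study, can rely on the fingerprint comparison alone; the signature check is what a browser does against its root store.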

DETECTION AND ATTACK MITIGATION TECHNIQUES

Attackers could also restrict Flash-based sockets by blocking Flash socket policy traffic on port 843, or avoid intercepting SSL connections made by the Flash Player, in order to bypass the detection technique used by the researchers. To counter this, websites could serve socket policy files over firewall-friendly ports (80 or 443) by multiplexing web traffic and socket policy requests on their servers.

In addition, the researchers discuss mitigation techniques in the paper, such as HTTP Strict Transport Security (HSTS), Public Key Pinning Extension for HTTP (HPKP), TLS Origin-Bound Certificates (TLS-OBC), certificate validation with notaries and DNS-based Authentication of Named Entities (DANE), which servers could use to enforce HTTPS and help clients validate digital certificates.

HOW TO REMOVE MALWARE

If you are infected by similar malware, follow the steps given below to remove it:

Yahoo! is finally rolling out encryption across its site and services in order to protect users. Yahoo is rapidly becoming one of the most aggressive supporters of encryption: in January this year Yahoo enabled HTTPS connections by default, which automatically encrypts the connections between users and its email service.

In November last year, Yahoo revealed plans to encrypt all information that moves between its data centers, and on 31st March Yahoo took another leap in user-data protection by deploying new encryption technologies.

NSA TARGET LIST - GMAIL, YAHOO, ... many more.
Last year, Edward Snowden revealed that under the MUSCULAR program the NSA was infiltrating the private data links between Google and Yahoo data centers.

After finding themselves on the NSA's target list, Yahoo! and Google were forced to think hard about the security and privacy of their users. Google replied to the NSA in its own way by encrypting its Gmail traffic between the company's data centers, to make sure that its users' personal information is safe from prying eyes.

YAHOO <3 ENCRYPTION
Following this, Yahoo! also revealed its plan to encrypt all of its traffic by the end of Q1 2014. The company has announced that:

It now encrypts traffic between its data centers to help protect its users from mass surveillance.

It has turned on encryption for mail delivery between Yahoo Mail and other email services that support the SMTP TLS standard, such as Gmail.

The Yahoo homepage and all search queries now also run with HTTPS encryption enabled by default.

Even if the government taps data cables, it won't be able to read your messages. “We implemented the latest in security best-practices, including supporting TLS 1.2, Perfect Forward Secrecy and a 2048-bit RSA key for many of our global properties such as Homepage, Mail and Digital Magazines,” Alex Stamos, Chief Information Security Officer, said in a blog post.

ENCRYPTED YAHOO MESSENGER.. Coming soon
In the meantime, a fully encrypted version of Yahoo Messenger will land soon to protect users from snooping. In late February this year, Snowden revealed project 'Optic Nerve', under which the NSA helped the British spy agency GCHQ allegedly capture and store nude and other images from the webcam chats of millions of unsuspecting Yahoo users.

“Our goal is to encrypt our entire platform for all users at all time, by default,” said Alex Stamos. “Our fight to protect our users and their data is an on-going and critical effort.”

Additional upcoming security measures at Yahoo include HSTS (HTTP Strict Transport Security), to ensure that web browsers use only secure HTTPS connections; Perfect Forward Secrecy, which generates unique keys for each user session and protects users against session hijacking attacks; and Certificate Transparency.

“We will continue to work hard to deploy the best possible technology to combat attacks and surveillance that violate our users’ privacy,” he added.

Mobile devices have become a basic need for ordinary people and public figures alike, so every company is working hard to find more effective ways to protect its users' sensitive data, and in this race Vodafone is leading the game.

In collaboration with its security partner Giesecke & Devrient (G&D) which is an international leader in mobile security solutions, Vodafone is offering an end-to-end encryption for mobile communication based on the phone SIM card.

Data such as emails, documents, data carriers and VPN connections will be signed and encrypted by the SIM in such a way that they are unreadable to unauthorized third parties, assuring your security and privacy.

SIM users encrypt data simply by entering a PIN and applying a digital signature, and the same PIN is needed in order to decrypt the communication.

"The solution uses the widespread S/MIME encryption program for email exchanges, and in the future, encryption via PGP will also be possible. Users also have the option to authenticate emails in order to verify origins and that email content remains unaltered."

"We created Vodafone Secure SIM Data as a simple, cost-efficient and above all secure value-added service based on the Vodafone SIM card for the telecommunications group's corporate customers," said Carsten Ahrens, Group Senior Vice President of Vodafone Germany's Server Software and Services division. "It regulates access to sensitive data while also protecting mobile data communication effectively against attack."

The type of security the company is offering would usually require a separate smart card or security token when logging on from a portable computing device. Secure SIM Data instead stores the private key and corresponding certificates on the SIM in the user's notebook or tablet, which eliminates the need for additional hardware such as card readers.

Since Vodafone aims to provide a standardized, flexible and cost-efficient product for its customers, it is now also planning to launch a 'Secure Call' app for Android, iOS and Windows Phone devices, in partnership with Secusmart, to make encrypting mobile phone calls simple.

Good news: we bring an amazing deal this month for our readers, where you can get hacking courses for as little as you want to pay, and if you beat the average price you will receive the fully upgraded hacking bundle!

The growth of spyware, and of the criminals who produce and spread it, continues at a tremendous pace. Spyware is becoming more complex and sophisticated over time, making it harder to recognize, and it is spreading rapidly as an Internet threat.

Recently, security researchers unearthed a very complex and sophisticated piece of malware designed to steal confidential data, with the ability to capture network traffic.

Researchers at the German security company G Data Software refer to the malware as Uroburos, named after an ancient symbol depicting a serpent or dragon eating its own tail, and after a string (Ur0bUr()sGotyOu#) lurking deep in the malware's code.

The researchers claimed that the malware may have been active for as long as three years before being discovered and appears to have been created by Russian developers.

Uroburos is a rootkit designed to steal data from secure facilities. It can take control of an infected machine, execute arbitrary commands and hide system activities. It communicates primarily over peer-to-peer connections within a network it has penetrated, using them to infect new machines and to pass exfiltrated information and captured network data from infected machines back to the attackers, the researchers explained.

The two main components of Uroburos are a driver and an encrypted virtual file system, used to disguise its activities and to try to avoid detection. The driver part is extremely complex and is designed to be very discreet and very difficult to identify.

The malware uses two virtual file systems, one NTFS and one FAT; both are stored locally on the infected system and used as a "workspace" by the attackers, providing storage for third-party tools, post-exploitation tools, temporary files and binary output. The virtual file systems can't be decrypted without the driver present, according to G Data's analysis in the PDF.

The driver is needed to decrypt the virtual file systems, to set several hooks that hide its activities, to inject libraries into user land, and to establish and manage communication channels.

“The development of a framework like Uroburos is a huge investment. The development team behind this malware obviously comprises highly skilled computer experts, as you can infer from the structure and the advanced design of the rootkit. We believe that the team behind Uroburos has continued working on even more advanced variants, which are still to be discovered.”

WITH LOVE FROM RUSSIA: Technical similarities with the earlier malware Agent.BTZ, and the fact that Uroburos checks for the presence of Agent.BTZ on the system and remains inactive if it is present, lead the researchers to believe that it was designed by the same group, the Russian intelligence services, according to G Data's analysis.

“Due to many technical details (file name, encryption keys, behavior and more details mentioned in this report), we assume that the group behind Uroburos is the same group that performed a cyberattack against the United States of America in 2008 with a malware called Agent.BTZ,” say the researchers. They also added that the reason it is meant to be of the Russian origin is, “Uroburos checks for the presence of Agent.BTZ and remains inactive if it is installed. It appears that the authors of Uroburos speak Russian (the language appears in a sample), which corroborates the relation to Agent.BTZ. Furthermore, according to public newspaper articles, this fact, the usage of Russian, also applied for the authors of Agent.BTZ.”

In 2008, USB and removable storage drives were put on hold in U.S. Army facilities after the spread of the Agent.BTZ worm: a USB stick containing malicious code kept multiplying and infected the military's network.

The attacks carried out with Uroburos target government institutions, research institutions, intelligence agencies, nation states and companies dealing with sensitive information, as well as similar high-profile targets. The oldest driver identified by the researchers was compiled in 2011, evidence that the malware was created around three years ago and went undetected.

“The Uroburos rootkit is one of the most advanced rootkits we have ever analyzed in this environment,” G Data concluded.

The researchers believe the team behind Uroburos has developed an even more sophisticated framework that still remains undiscovered. Many infection vectors are conceivable, e.g. spear phishing, drive-by infections, USB sticks or social engineering attacks.

In the category of ransomware, a nasty piece of malware called CryptoLocker sits at the top: it has threatened people around the world, effectively destroying victims' important files.

CryptoLocker, which strongly encrypts victims' hard drives until a ransom is paid, is now back in action to haunt your digital life with an additional feature.

Until now, CryptoLocker has been spread via spam email, with victims tempted to download an attachment or click on a link to a malicious website, but now it can spread itself as a worm through removable USB drives.

Security researchers at Trend Micro have recently reported a new variant of CryptoLocker that is capable of spreading through removable USB drives.

As previously reported by our security experts at The Hacker News, CryptoLocker is malware that locks your files and demands a ransom to release them. The files are encrypted, so removing the malware from the system doesn't unlock them. The only way to get your files decrypted is to pay the ransom demanded by the criminals.

This new CryptoLocker version is detected as WORM_CRILOCK.A, and can infect computers by posing as a key generator or activator for paid software like Adobe Photoshop or Microsoft Office on torrent websites.

If CryptoLocker has already encrypted your files, it displays a message demanding payment. Once installed on a system, it can replicate itself onto a USB drive and spread further; if the infected system is connected to a network, the CryptoLocker worm can also look for other connected drives to infect.

Other malware has employed similar tactics in the past, but CryptoLocker's encryption is much stronger and currently cannot be cracked. The new CryptoLocker variant does not use a DGA (domain generation algorithm), but instead relies on hardcoded command and control server details.

Further analysis of WORM_CRILOCK reveals that it has a stark difference compared to previous variants. The malware has foregone the domain generation algorithm (DGA). Instead, its command-and-control (C&C) servers are hardcoded into the malware. Hardcoding the URLs makes it easier to detect and block the related malicious URLs. DGA, on the other hand, may allow cybercriminals to evade detection as it uses a large number of potential domains. This could mean that the malware is still in the process of being refined and improved upon. Thus, we can expect later variants to have the DGA capability.

Recommendations for users to defend against such threats:

Users should avoid using P2P (torrent) sites to get pirated copies of software and stick with official or reputable sites.

Users should also be extremely careful about plugging USB drives into their computers. If you found one lying around, don't plug it in to see what may be on it.

I am sure you are all familiar with the annoying Windows operating system error message shown above, which pops up on your screen when a process fails: "The system has recovered from a serious error. A log of this error has been created. Please tell Microsoft about this problem"

The prompt asks the user to report the problem to Microsoft, with the options to send an error report or not send it. Most of the time, well-meaning users like you and me submit these error reports to make Microsoft aware of the problem. But what if these crash reports can be abused to identify vulnerabilities in your system for spying?

The NSA intercepts a wide range of Internet traffic, including many encrypted connections and, naturally, unencrypted ones too, and surprisingly, by default Microsoft's crash reports are transmitted unencrypted, over standard HTTP connections to watson.microsoft.com.

The latest revelations from the Snowden documents, published by the German magazine Der Spiegel, describe how the NSA's secret hacking unit, Tailored Access Operations (TAO), breaks into Windows computers by first gaining passive access to them.

Der Spiegel explains:

The automated crash reports are a “neat way” to gain “passive access” to a machine, the presentation continues. Passive access means that, initially, the only data the computer sends out into the Internet is captured and saved, but the computer itself is not yet manipulated. Still, even this passive access to error messages provides valuable insights into problems with a targeted person’s computer and, thus, information on security holes that might be exploitable for planting malware or spyware on the unwitting victim’s computer.

Microsoft has shipped Windows Error Reporting (a.k.a. Dr. Watson) technology from Windows XP onwards. Windows crash reports give up all kinds of information about your system, allowing whoever reads them to learn what software is installed on your PC, the respective versions, and whether the programs or OS have been patched.

The security firm Websense examined the Windows Error Reporting system and found that it sends out its crash logs in clear text.

This information includes:

Date

USB Device Manufacturer

USB Device Identifier

USB Device Revision

Host computer - default language

Host computer - Operating system, service pack and update version

Host computer - Manufacturer, model and name

Host computer - Bios version and unique machine identifier

Why should we care? Because system or application crashes signal possible zero-day vulnerabilities that could be exploited, and this is exactly the information the NSA or anyone else needs when tailoring a specific attack against your system, or when designing malware to infect it.

Der Spiegel also added:

When TAO selects a computer somewhere in the world as a target and enters its unique identifiers (an IP address, for example) into the corresponding database, intelligence agents are then automatically notified any time the operating system of that computer crashes and its user receives the prompt to report the problem to Microsoft. An internal presentation suggests it is NSA's powerful XKeyscore spying tool that is used to fish these crash reports out of the massive sea of Internet traffic.

A Microsoft spokesperson asked to comment on the reports said, "Microsoft does not provide any government with direct or unfettered access to our customer's data. We would have significant concerns if the allegations about government actions are true."

Websense also recommends that error report data be encrypted with SSL at a minimum, ideally TLS 1.2, in order to prevent NSA snooping. Alexander Watson, director of security research at Websense, will present further findings from this research at the 2014 RSA Conference in San Francisco.

How To Disable Error Reporting:

If you want to disable Windows Error Reporting, open Control Panel and search for “Problem reporting settings”. Open that option and select “Never check for solutions.” Microsoft does not recommend that users do so, but it's your choice, and it does no harm to your system.

Publicized hacks, cyber attacks and data breaches continue to increase, and the majority of attacks come from outsiders.

Recently, unknown Russian hackers reportedly stole the personal details of nearly 54 million Turkish citizens, about 70% of the whole Turkish population.

According to a report published by 'Hurriyet News', researchers from the security firm KONDA revealed that the hackers stole the data from a political party's vulnerable system, which held the names, ID numbers and addresses of 54 million voters across the nation.

The researchers claimed that the hacked system (used for database and website management) had no antivirus product installed, and the voter information had also been uploaded to a vulnerable website.

This was a really bad idea, and they noted that “in two hours hackers downloaded all the information.”

In another statement, they mentioned that some government institutions share citizens' personal data online with other public and private bodies without ensuring the data is protected.

It's tough to accept, but you cannot protect all data. Data breaches will keep striking in 2014 as well, and we will never know where, when or how. Attackers are getting smarter and developing new advanced persistent threats, so data breaches continue to become increasingly sophisticated.

It is always important to enable encryption for data and devices, to educate end users about the latest threats, and to take the basic necessary actions to protect key data.